[ 329.103968][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:10990' (ECDSA) to the list of known hosts.
1970/01/01 00:06:00 fuzzer started
1970/01/01 00:06:15 dialing manager at localhost:45389
[ 381.308329][ T2046] cgroup: Unknown subsys name 'net'
[ 382.325971][ T2046] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:22 syscalls: 2827
1970/01/01 00:06:22 code coverage: enabled
1970/01/01 00:06:22 comparison tracing: enabled
1970/01/01 00:06:22 extra coverage: enabled
1970/01/01 00:06:22 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:22 setuid sandbox: enabled
1970/01/01 00:06:22 namespace sandbox: enabled
1970/01/01 00:06:22 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:22 fault injection: enabled
1970/01/01 00:06:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:22 net packet injection: enabled
1970/01/01 00:06:22 net device setup: enabled
1970/01/01 00:06:22 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:22 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:22 USB emulation: enabled
1970/01/01 00:06:22 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:22 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:22 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:22 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:28 fetching corpus: 50, signal 28855/32403 (executing program)
1970/01/01 00:06:32 fetching corpus: 100, signal 42636/47593 (executing program)
1970/01/01 00:06:36 fetching corpus: 150, signal 53438/59700 (executing program)
1970/01/01 00:06:38 fetching corpus: 200, signal 62331/69827 (executing program)
1970/01/01 00:06:41 fetching corpus: 250, signal 67125/75904 (executing program)
1970/01/01 00:06:45 fetching corpus: 300, signal 75906/85706 (executing program)
1970/01/01 00:12:03 fetching corpus: 5748, signal 253192/256715 (executing program)
1970/01/01 00:12:03 fetching corpus: 5748, signal 253192/256747 (executing program)
1970/01/01 00:12:03 fetching corpus: 5748, signal 253192/256761 (executing program)
1970/01/01 00:12:03 fetching corpus: 5748, signal 253192/256761 (executing program)
1970/01/01 00:14:08 starting 2 fuzzer processes
00:14:08 executing program 0:
syz_io_uring_setup(0x1, &(0x7f0000000240), &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock2(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0)
mbind(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x3)
00:14:08 executing program 1:
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
syz_mount_image$ext4(0x0, &(0x7f00000003c0)='./file0\x00', 0x0, 0xffffff28, 0x0, 0x0, 0x0)
r1 = inotify_init1(0x0)
readv(r1, &(0x7f0000000240)=[{&(0x7f0000000180)=""/146, 0x92}], 0x1)
inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0x22000894)
openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
[ 868.196459][ C0] ==================================================================
[ 868.200176][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260
[ 868.202028][ C0] Read of size 8 at addr ffffaf800f037eb0 by task syz-executor.0/2065
[ 868.205490][ C0]
[ 868.206836][ C0] CPU: 0 PID: 2065 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 868.208617][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 868.209878][ C0] Call Trace:
[ 868.211035][ C0] [] dump_backtrace+0x2e/0x3c
[ 868.212534][ C0] [] show_stack+0x34/0x40
[ 868.213789][ C0] [] dump_stack_lvl+0xe4/0x150
[ 868.215212][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 868.216818][ C0] [] kasan_report+0x184/0x1e0
[ 868.218213][ C0] [] __asan_load8+0x6e/0x96
[ 868.219630][ C0] [] walk_stackframe+0x11c/0x260
[ 868.221126][ C0] [] arch_stack_walk+0x2c/0x3c
[ 868.222566][ C0] [] stack_trace_save+0xa6/0xd8
[ 868.223915][ C0] [] kasan_save_stack+0x2c/0x58
[ 868.225503][ C0]
[ 868.226333][ C0] Allocated by task 1102394680:
[ 868.227311][ C0] (stack is not available)
[ 868.228138][ C0]
[ 868.228904][ C0] Freed by task 2058:
[ 868.229873][ C0] stack_trace_save+0xa6/0xd8
[ 868.231600][ C0] kasan_save_stack+0x2c/0x58
[ 868.232864][ C0] kasan_set_track+0x1a/0x26
[ 868.234028][ C0] kasan_set_free_info+0x1e/0x3a
[ 868.235151][ C0] ____kasan_slab_free+0x15e/0x180
[ 868.236367][ C0] __kasan_slab_free+0x10/0x18
[ 868.237574][ C0] slab_free_freelist_hook+0x8e/0x1cc
[ 868.238840][ C0] kfree+0xe0/0x3e4
[ 868.239928][ C0] tomoyo_realpath_from_path+0x158/0x3f4
[ 868.241824][ C0] tomoyo_check_open_permission+0x282/0x348
[ 868.243266][ C0] tomoyo_file_open+0x78/0x7c
[ 868.244442][ C0] security_file_open+0x44/0x9a
[ 868.245602][ C0] do_dentry_open+0x1c6/0x7d4
[ 868.246799][ C0] vfs_open+0x52/0x5e
[ 868.247931][ C0] path_openat+0x12b6/0x189e
[ 868.249050][ C0] do_filp_open+0x10e/0x22a
[ 868.250174][ C0] do_sys_openat2+0x174/0x31e
[ 868.251779][ C0] sys_openat+0xdc/0x164
[ 868.253010][ C0] ret_from_syscall+0x0/0x2
[ 868.254179][ C0]
[ 868.254918][ C0] Last potentially related work creation:
[ 868.255912][ C0] ------------[ cut here ]------------
[ 868.256819][ C0] slab index 1506808 out of bounds (289) for stack id 8456fdf8
[ 868.261535][ C0] WARNING: CPU: 0 PID: 2065 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 868.263820][ C0] Modules linked in:
[ 868.265038][ C0] CPU: 0 PID: 2065 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 868.266557][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 868.267567][ C0] epc : stack_depot_print+0x66/0x70
[ 868.268665][ C0]  ra : stack_depot_print+0x66/0x70
[ 868.269556][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800f037d70
[ 868.270351][ C0]  gp : ffffffff85863ac0 tp : ffffaf800e39c8c0 t0 : ffffffff86bcb657
[ 868.272147][ C0]  t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800f037d80
[ 868.274459][ C0]  s1 : ffffaf807aa81d80 a0 : 000000000000003c a1 : 00000000000f0000
[ 868.275718][ C0]  a2 : 0000000000000504 a3 : ffffffff8012252a a4 : ca154765d1637f00
[ 868.276957][ C0]  a5 : ca154765d1637f00 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 868.278181][ C0]  s2 : ffffaf800f037eb0 s3 : ffffaf8007202140 s4 : ffffaf800f036000
[ 868.279441][ C0]  s5 : ffffaf800f037000 s6 : 0000000000003fff s7 : ffffaf800f037e50
[ 868.280659][ C0]  s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf800f037f20
[ 868.282789][ C0]  s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 868.284001][ C0]  t5 : fffff5ef0b53910d t6 : ffffaf800f037878
[ 868.285075][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 868.286452][ C0] [] print_address_description.constprop.0+0x2fc/0x330
[ 868.288061][ C0] [] kasan_report+0x184/0x1e0
[ 868.289391][ C0] [] __asan_load8+0x6e/0x96
[ 868.290685][ C0] [] walk_stackframe+0x11c/0x260
[ 868.292726][ C0] [] arch_stack_walk+0x2c/0x3c
[ 868.294025][ C0] [] stack_trace_save+0xa6/0xd8
[ 868.295382][ C0] [] kasan_save_stack+0x2c/0x58
[ 868.296821][ C0] irq event stamp: 26529
[ 868.297663][ C0] hardirqs last enabled at (26528): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 868.299189][ C0] hardirqs last disabled at (26529): [] _raw_spin_lock_irqsave+0x60/0x62
[ 868.300690][ C0] softirqs last enabled at (26408): [] __do_softirq+0x618/0x8fc
[ 868.302869][ C0] softirqs last disabled at (26445): [] __irq_exit_rcu+0x142/0x1f8
[ 868.306029][ C0] ---[ end trace 0000000000000000 ]---
[ 868.307555][ C0]
[ 868.308282][ C0] Second to last potentially related work creation:
[ 868.309246][ C0] ------------[ cut here ]------------
[ 868.310152][ C0] slab index 2076544 out of bounds (289) for stack id ffffaf80
[ 868.314770][ C0] WARNING: CPU: 0 PID: 2065 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70
[ 868.316599][ C0] Modules linked in:
[ 868.317787][ C0] CPU: 0 PID: 2065 Comm: syz-executor.0 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 868.319371][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 868.320266][ C0] epc : stack_depot_print+0x66/0x70
[ 868.322048][ C0]  ra : stack_depot_print+0x66/0x70
[ 868.323451][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf800f037d70
[ 868.324667][ C0]  gp : ffffffff85863ac0 tp : ffffaf800e39c8c0 t0 : ffffffff86bcb657
[ 868.325899][ C0]  t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf800f037d80
[ 868.327146][ C0]  s1 : ffffaf807aa81d80 a0 : 000000000000003c a1 : 00000000000f0000
[ 868.328345][ C0]  a2 : 0000000000000504 a3 : ffffffff8012252a a4 : ca154765d1637f00
[ 868.329523][ C0]  a5 : ca154765d1637f00 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
[ 868.330810][ C0]  s2 : ffffaf800f037eb0 s3 : ffffaf8007202140 s4 : ffffaf800f036000
[ 868.332846][ C0]  s5 : ffffaf800f037000 s6 : 0000000000003fff s7 : ffffaf800f037e50
[ 868.334064][ C0]  s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf800f037f20
[ 868.335298][ C0]  s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c
[ 868.336485][ C0]  t5 : fffff5ef0b53910d t6 : ffffaf800f037878
[ 868.337537][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 868.338816][ C0] [] print_address_description.constprop.0+0x2ae/0x330
[ 868.340459][ C0] [] kasan_report+0x184/0x1e0
[ 868.342506][ C0] [] __asan_load8+0x6e/0x96
[ 868.343760][ C0] [] walk_stackframe+0x11c/0x260
[ 868.345094][ C0] [] arch_stack_walk+0x2c/0x3c
[ 868.346440][ C0] [] stack_trace_save+0xa6/0xd8
[ 868.347783][ C0] [] kasan_save_stack+0x2c/0x58
[ 868.349143][ C0] irq event stamp: 26529
[ 868.350030][ C0] hardirqs last enabled at (26528): [] _raw_spin_unlock_irqrestore+0x68/0x98
[ 868.352850][ C0] hardirqs last disabled at (26529): [] _raw_spin_lock_irqsave+0x60/0x62
[ 868.354584][ C0] softirqs last enabled at (26408): [] __do_softirq+0x618/0x8fc
[ 868.356059][ C0] softirqs last disabled at (26445): [] __irq_exit_rcu+0x142/0x1f8
[ 868.357602][ C0] ---[ end trace 0000000000000000 ]---
[ 868.358644][ C0]
[ 868.359373][ C0] The buggy address belongs to the object at ffffaf800f036000
[ 868.359373][ C0]  which belongs to the cache kmalloc-4k of size 4096
[ 868.361442][ C0] The buggy address is located 3760 bytes to the right of
[ 868.361442][ C0]  4096-byte region [ffffaf800f036000, ffffaf800f037000)
[ 868.363384][ C0] The buggy address belongs to the page:
[ 868.365016][ C0] page:ffffaf807aa81d80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8f230
[ 868.366807][ C0] head:ffffaf807aa81d80 order:3 compound_mapcount:0 compound_pincount:0
[ 868.368429][ C0] flags: 0x8800010200(slab|head|section=17|node=0|zone=0)
[ 868.371366][ C0] raw: 0000008800010200 0000000000000000 0000000000000001 ffffaf8007202140
[ 868.372843][ C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 868.374068][ C0] raw: 00000000000007ff
[ 868.375069][ C0] page dumped because: kasan: bad access detected
[ 868.376321][ C0] page_owner tracks the page as allocated
[ 868.377295][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2046, ts 382765852200, free_ts 374099372300
[ 868.379606][ C0] __set_page_owner+0x48/0x136
[ 868.380893][ C0] post_alloc_hook+0xd0/0x10a
[ 868.382607][ C0] get_page_from_freelist+0x8da/0x12d8
[ 868.383872][ C0] __alloc_pages+0x150/0x3b6
[ 868.385019][ C0] alloc_pages+0x132/0x2a6
[ 868.386196][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 868.387494][ C0] new_slab+0x25a/0x2cc
[ 868.388581][ C0] ___slab_alloc+0x56e/0x918
[ 868.389727][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 868.391242][ C0] kmem_cache_alloc_trace+0x2a2/0x2e0
[ 868.393056][ C0] alloc_super+0x4e/0x52a
[ 868.394161][ C0] sget_fc+0xc8/0x3a0
[ 868.395217][ C0] kernfs_get_tree+0xf8/0x4b4
[ 868.396428][ C0] cgroup_do_get_tree+0x9c/0x3d6
[ 868.397550][ C0] cgroup1_get_tree+0x410/0x894
[ 868.398759][ C0] vfs_get_tree+0x4a/0x19c
[ 868.399905][ C0] page last free stack trace:
[ 868.400850][ C0] __reset_page_owner+0x4a/0xea
[ 868.402532][ C0] free_pcp_prepare+0x29c/0x45e
[ 868.403675][ C0] free_unref_page+0x6a/0x31e
[ 868.404797][ C0] __free_pages+0xe2/0x112
[ 868.405870][ C0] __free_slab+0x122/0x27c
[ 868.406995][ C0] discard_slab+0x4c/0x7a
[ 868.408124][ C0] __unfreeze_partials+0x16a/0x18e
[ 868.409311][ C0] put_cpu_partial+0xf6/0x162
[ 868.410474][ C0] __slab_free+0x166/0x29c
[ 868.411980][ C0] ___cache_free+0x17c/0x354
[ 868.413118][ C0] qlist_free_all+0x7c/0x132
[ 868.414159][ C0] kasan_quarantine_reduce+0x14c/0x1c8
[ 868.415324][ C0] __kasan_slab_alloc+0x5c/0x98
[ 868.416510][ C0] kmem_cache_alloc+0x338/0x3de
[ 868.417651][ C0] getname_flags.part.0+0x48/0x2a4
[ 868.418813][ C0] getname_flags+0x66/0x9c
[ 868.420030][ C0]
[ 868.420732][ C0] Memory state around the buggy address:
[ 868.422621][ C0]  ffffaf800f037d80: 00 00 00 00 00 00 00 00 fc fc fc fc 00 00 00 00
[ 868.423906][ C0]  ffffaf800f037e00: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 868.425132][ C0] >ffffaf800f037e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 868.426277][ C0]                                      ^
[ 868.427396][ C0]  ffffaf800f037f00: f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
[ 868.428549][ C0]  ffffaf800f037f80: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
[ 868.429801][ C0] ==================================================================
[ 868.431048][ C0] Disabling lock debugging due to kernel taint
[ 868.439739][ T2065] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 868.443669][ T2065] CPU: 0 PID: 2065 Comm: syz-executor.0 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 868.445173][ T2065] Hardware name: riscv-virtio,qemu (DT)
[ 868.445760][ T2065] Call Trace:
[ 868.446230][ T2065] [] dump_backtrace+0x2e/0x3c
[ 868.447267][ T2065] [] show_stack+0x34/0x40
[ 868.448234][ T2065] [] dump_stack_lvl+0xe4/0x150
[ 868.449321][ T2065] [] dump_stack+0x1c/0x24
[ 868.450141][ T2065] [] panic+0x24a/0x634
[ 868.451569][ T2065] [] schedule+0x0/0x14c
[ 868.452769][ T2065] [] preempt_schedule_irq+0x4a/0x13e
[ 868.453666][ T2065] [] resume_kernel+0x16/0x18
[ 868.454759][ T2065] SMP: stopping secondary CPUs
[ 868.456717][ T2065] Rebooting in 86400 seconds..

VM DIAGNOSIS:
07:10:53 Registers:
info registers vcpu 0
pc       ffffffff80475986
mhartid  0000000000000000
mstatus  00000000000000a0
mip      00000000000000a0
mie      000000000000022a
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff80c38d08
sepc     ffffffff82b4ecb4
mcause   8000000000000007
scause   8000000000000001
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000 x1/ra    ffffffff80dc3394 x2/sp    ffffaf800f037880 x3/gp    ffffffff85863ac0
x4/tp    ffffaf800e39c8c0 x5/t0    ffffffff86bcb657 x6/t1    ca154765d1637f00 x7/t2    0000000000000000
x8/s0    ffffaf800f0378b0 x9/s1    ffffffff86e58900 x10/a0   ffffaf800e39c8e0 x11/a1   ffff8f800066c000
x12/a2   1ffffffff0dcb129 x13/a3   ffffffff80dc337e x14/a4   0000000000000000 x15/a5   ffffffff86e58948
x16/a6   ffffffff86e589f1 x17/a7   ffffffff80dcc9fe x18/s2   ffffaf800e39c8c0 x19/s3   0000000000000064
x20/s4   ffffffff86e58900 x21/s5   ffffffff80dc333e x22/s6   0000000000000000 x23/s7   ffffffff86bcb69b
x24/s8   0000000000000010 x25/s9   ffffffff86e58958 x26/s10  0000000000000010 x27/s11  0000000000000000
x28/t3   fffffffff3f3f300 x29/t4   ffffffff80112282 x30/t5   1ffff5f001e06ec0 x31/t6   ffffffff86bcb657
f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
pc       ffffffff80115c1a
mhartid  0000000000000001
mstatus  00000000000001a0
mip      00000000000000a0
mie      000000000000020a
mideleg  0000000000000222
medeleg  000000000000b109
mtvec    0000000080000540
stvec    ffffffff800055d4
mepc     ffffffff80119b52
sepc     ffffffff80119b52
mcause   8000000000000007
scause   8000000000000005
mtval    0000000000000000
stval    0000000000000000
x0/zero  0000000000000000 x1/ra    ffffffff80115c1a x2/sp    ffffaf800c9d30e0 x3/gp    ffffffff85863ac0
x4/tp    ffffaf80074e3080 x5/t0    0000000000046000 x6/t1    ca154765d1637f00 x7/t2    ffffffffffffffff
x8/s0    ffffaf800c9d3200 x9/s1    ffffaf80074e3080 x10/a0   0000000000000001 x11/a1   0000000000000003
x12/a2   1ffff5f000e9c611 x13/a3   ffffffff8013fa68 x14/a4   0000000000000000 x15/a5   0000000000010203
x16/a6   0000000000f00000 x17/a7   ffffffff800dddaa x18/s2   ffffaf800c9d3180 x19/s3   ffffffff8588a420
x20/s4   0000000000000001 x21/s5   0000000000001000 x22/s6   ffffaf800c9d3280 x23/s7   ffffffff86c1a628
x24/s8   ffffffff85889780 x25/s9   1ffff5f00193a620 x26/s10  ffffaf805a9f4c98 x27/s11  ffffffff800c8918
x28/t3   fffffffff3f3f300 x29/t4   ffffffff80112282 x30/t5   1ffff5f00193a5d8 x31/t6   0000000000a4ab34
f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000